From owner-freebsd-security Mon Mar 3 16:58:43 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2D57237B401 for ; Mon, 3 Mar 2003 16:58:40 -0800 (PST) Received: from mail.digitaldeck.com (twindolphin-xo.digitaldeck.com [66.237.41.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7E7F443FB1 for ; Mon, 3 Mar 2003 16:58:39 -0800 (PST) (envelope-from chris@digitaldeck.com) Received: from luna (luna.office-ca1.digitaldeck.com [192.168.1.132]) by mail.digitaldeck.com (8.12.6/8.12.6) with SMTP id h240wdL2068752 for ; Mon, 3 Mar 2003 16:58:39 -0800 (PST) (envelope-from chris@digitaldeck.com) From: "Chris McCluskey" To: Subject: Re: SA-03:04.sendmail Bin Update Date: Mon, 3 Mar 2003 20:08:52 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Ok... Here's what I show: namehere# telnet namehere 25 Trying 192.x.y.z... Connected to namehere.digitaldeck.com. Escape character is '^]'. 220 namehere.digitaldeck.com ESMTP Sendmail 8.12.6/8.12.6; Mon, 3 Mar 2003 16:22:53 -0800 (PST) namehere# strings sendmail-4.7-i386-nocrypto.bin |grep 8.12 @(#)$Id: safefile.c,v 8.124 2002/05/24 20:50:15 gshapiro Exp $ 8.12.6 I have been tracking RELENG_4_7 and it looks like 4.12.6 to me. So again, I want to make sure that this version of Sendmail has been patched. What's the best verification procedure to insure that the patched version is online? > -----Original Message----- > From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of > Matthew Seaman > Sent: Monday, March 03, 2003 3:46 PM > To: Chris McCluskey > Cc: security@FreeBSD.ORG > Subject: Re: SA-03:04.sendmail Bin Update > > > On Mon, Mar 03, 2003 at 04:59:02PM -0800, Chris McCluskey wrote: > > Just want to verify. The binary Sendmail update is for > 8.12.6 not the > > newly released 8.12.8 correct? Just got thrown off when > after running > > install the logged version of Sendmail was the same. If this is > > correct, is there a way to verify that the currently > running version > > is the patched version? > > If you're tracking 4-STABLE or 5-CURRENT you should definitely have > sendmail-8.12.8 if you cvsup now. Other branches may differ. > > You can tell what version is currently running on your system by > telnet'ing to the SMTP port and looking at the banner: > > % telnet smtp.infracaninophile.co.uk 25 > Trying 81.2.69.218... > Connected to smtp.infracaninophile.co.uk. > Escape character is '^]'. > 220 smtp.infracaninophile.co.uk ESMTP Sendmail > 8.12.8/8.12.8; Mon, 3 Mar 2003 23:40:05 GMT > > Cheers, > > Matthew > > -- > Dr Matthew J Seaman MA, D.Phil. 26 > The Paddocks > Savill Way > PGP: http://www.infracaninophile.co.uk/pgpkey Marlow > Tel: +44 1628 476614 > Bucks., SL7 1TH UK > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message